Solved: what regex command i can use in order to create a ... - Splunk Community

All Apps and Add-ons

I have a data which splunk shows, but i dont see a field for what i wanted

"ag-somethin-id":["97234d506-E0ASD-4XXX-AXX0-ASD77757"]

I need to to create a field with ag-somethin-id which should actually give me the all the values under those events and it should show something like:

97234d506-E0ASD-4XXX-AXX0-ASD77757 under this field ag-somethin-id

Till now I have tried using the below, but its not correct:

rex "ag-somethin-id[\\":](?[^\[":"])"

Please help in fixing this

1 Solution

Solution

This worked for me in regex101.com using your sample data.

rex "ag-somethin-id\":\[\"(?<somethin>[^\"]+)"

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Solution

This worked for me in regex101.com using your sample data.

rex "ag-somethin-id\":\[\"(?<somethin>[^\"]+)"

---
If this reply helps you, Karma would be appreciated.

Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Observe and Secure All Apps with Splunk

Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever. Join us for an ...